Analysis

  • max time kernel
    47s
  • max time network
    153s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    30-05-2024 13:10

General

  • Target

    manager.apk

  • Size

    4.3MB

  • MD5

    02a2ff9e69d85de4dad105213f620382

  • SHA1

    690396a68222724daff6622715643cfa48ce5940

  • SHA256

    c2da3df534ece06c4e87d60ae4690f4c58a9b6d3d05a45898181123201c1d8d9

  • SHA512

    041c83686150960f2a5373f6a84a58d0361e0374b6947cd5c0071ca5fbc11569aefaf614831085a1412146431eab96ef76893792aede0c4f820a7c170e28ea23

  • SSDEEP

    98304:AAU5ofra3s1A/YOkmr8R9OobyFB9Uiwyt7JsXFI:qkCYS+Fbq9Ure6X+

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information, which can indicate whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Checks the presence of a debugger

Processes

  • com.vanced.manager
    • Checks if the Android device is rooted.
    • Checks memory information
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    PID:5232

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.vanced.manager/databases/com.google.android.datatransport.events

    Filesize

    40KB

  • /data/data/com.vanced.manager/databases/com.google.android.datatransport.events-journal

    Filesize

    24KB

  • /data/data/com.vanced.manager/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/data/com.vanced.manager/databases/com.google.android.datatransport.events-journal

    Filesize

    16KB

  • /data/data/com.vanced.manager/databases/com.google.android.datatransport.events-journal

    Filesize

    16KB

  • /data/data/com.vanced.manager/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.vanced.manager/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.vanced.manager/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

    Filesize

    716B

  • /data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66587AD2007900011470446A96EE8278.temp

    Filesize

    198B

  • /data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66587AD2007900011470446A96EE8278.temp.tmp

    Filesize

    16B

  • /data/data/com.vanced.manager/files/.com.google.firebase.crashlytics/report-persistence/sessions/66587AD2007900011470446A96EE8278/report

    Filesize

    764B

  • /data/data/com.vanced.manager/files/PersistedInstallation2913137929823846854tmp

    Filesize

    90B

  • /data/data/com.vanced.manager/files/PersistedInstallation5407954512918584619tmp

    Filesize

    570B

  • /data/data/com.vanced.manager/no_backup/androidx.work.workdb

    Filesize

    4KB

  • /data/data/com.vanced.manager/no_backup/androidx.work.workdb-journal

    Filesize

    512B

  • /data/data/com.vanced.manager/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

  • /data/data/com.vanced.manager/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

  • /data/data/com.vanced.manager/no_backup/androidx.work.workdb-wal

    Filesize

    108KB
